diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 2eb5e2feefb7667bf5fe44b7123b063000967d34..85050b4b4fd7301966d0ce3b85297caad1f8c9a4 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -563,7 +563,11 @@ class sspmod_saml_IdP_SAML2 {
 		}
 		$a->setNotOnOrAfter(time() + $assertionLifetime);
 
-		$a->setAuthnContext(SAML2_Const::AC_PASSWORD);
+		if (isset($state['saml:AuthnContextClassRef'])) {
+			$a->setAuthnContext($state['saml:AuthnContextClassRef']);
+		} else {
+			$a->setAuthnContext(SAML2_Const::AC_PASSWORD);
+		}
 
 		if (isset($state['AuthnInstant'])) {
 			$a->setAuthnInstant($state['AuthnInstant']);